electron

78 known vulnerabilities · 3 critical · 20 high

CVE-2020-15215 MEDIUM

Context isolation bypass in Electron

Published Oct 6, 2020
CVE-2022-29257 MEDIUM

AutoUpdater module fails to validate certain nested components of the bundle

Published Jun 16, 2022
CVE-2026-34780 HIGH
Risk: 41.51/100

Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Published Apr 3, 2026
CVE-2026-34768 LOW
Risk: 19.5/100

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Published Apr 3, 2026
CVE-2026-34767 MEDIUM
Risk: 29.51/100

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Published Apr 3, 2026
CVE-2026-34773 MEDIUM
Risk: 23.51/100

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Published Apr 3, 2026
CVE-2022-36077 HIGH

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Published Nov 10, 2022
CVE-2022-29247 LOW

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Published Jun 16, 2022
CVE-2017-12581 HIGH

Electron vulnerable to remote command execution

Published May 17, 2022
CVE-2020-4075 MEDIUM

Arbitrary file read via window-open IPC in Electron

Published Jul 7, 2020
CVE-2017-16151 CRITICAL

Chromium Remote Code Execution in electron

Published Jul 24, 2018
CVE-2020-4077 HIGH

Context isolation bypass via contextBridge in Electron

Published Jul 7, 2020
CVE-2018-1000136 HIGH

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Published Mar 26, 2018
CVE-2020-15174 HIGH

Unpreventable top-level navigation

Published Oct 6, 2020
CVE-2020-15096 MEDIUM

Context isolation bypass via Promise in Electron

Published Jul 7, 2020
CVE-2018-1000006 HIGH

Remote Code Execution in electron

Published Jan 23, 2018
CVE-2018-1000118 HIGH

Electron protocol handler browser vulnerable to Command Injection

Published Mar 26, 2018
CVE-2026-34774 HIGH
Risk: 40.51/100

Electron: Use-after-free in offscreen child window paint callback

Published Apr 3, 2026
CVE-2018-15685 HIGH

Electron webPreferences vulnerability can be used to perform remote code execution

Published Aug 23, 2018
CVE-2022-4135 CRITICAL

Heap buffer overflow in GPU

Published Nov 25, 2022
GHSA-f37v-82c4-4x64

Electron: Crash in clipboard.readImage() on malformed clipboard image data

Published Apr 7, 2026
GHSA-f3pv-wv63-48x8

Electron: Named window.open targets not scoped to the opener's browsing context

Published Apr 7, 2026
CVE-2023-4863 HIGH

libwebp: OOB write in BuildHuffmanTable

Published Sep 12, 2023
CVE-2026-34766 LOW
Risk: 16.5/100

Electron: USB device selection not validated against filtered device list

Published Apr 3, 2026
CVE-2026-34770 HIGH
Risk: 35/100

Electron: Use-after-free in PowerMonitor on Windows and macOS

Published Apr 3, 2026
CVE-2020-4076 HIGH

Context isolation bypass via leaked cross-context objects in Electron

Published Jul 7, 2020
CVE-2023-23623 HIGH

Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled

Published Sep 6, 2023
CVE-2020-26272 MEDIUM

IPC messages delivered to the wrong frame in Electron

Published Jan 28, 2021
CVE-2026-34777 MEDIUM
Risk: 27/100

Electron: Incorrect origin passed to permission request handler for iframe requests

Published Apr 3, 2026
CVE-2017-1000424 MEDIUM

Electron vulnerable to URL spoofing via PDFium

Published May 13, 2022
CVE-2026-34772 MEDIUM
Risk: 29/100

Electron: Use-after-free in download save dialog callback

Published Apr 3, 2026
CVE-2021-39184 MEDIUM

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API

Published Oct 12, 2021
CVE-2023-39956 MEDIUM

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Published Sep 6, 2023
CVE-2026-34769 HIGH
Risk: 38.51/100

Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Published Apr 3, 2026
CVE-2016-1202 HIGH

High severity vulnerability that affects electron

Published Oct 24, 2017
CVE-2026-34778 MEDIUM
Risk: 29.5/100

Electron: Service worker can spoof executeJavaScript IPC replies

Published Apr 3, 2026
CVE-2026-34775 MEDIUM
Risk: 34.01/100

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Published Apr 3, 2026
CVE-2026-34776 MEDIUM
Risk: 26.5/100

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Published Apr 3, 2026
CVE-2026-34771 HIGH
Risk: 37.51/100

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Published Apr 3, 2026
CVE-2023-29198 MEDIUM

Electron context isolation bypass via nested unserializable return value

Published Sep 6, 2023
CVE-2022-21718 LOW

Renderers can obtain access to random bluetooth device without permission in Electron

Published Mar 22, 2022
CVE-2026-34779 MEDIUM
Risk: 32.51/100

Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Published Apr 3, 2026
CVE-2026-34764 LOW
Risk: 21/100

Electron: Use-after-free in offscreen shared texture release() callback

Published Apr 3, 2026
CVE-2024-1648 HIGH

Cross-site Scripting in electron-pdf

Published Feb 20, 2024
MAL-2024-955

Malicious code in @time-loop/electron-panel-window (npm)

Published Feb 2, 2024
MAL-2025-24

Malicious code in electron-builder-13 (npm)

Published Jan 7, 2025
CVE-2024-45835

Mattermost Desktop App fails to sufficiently configure Electron Fuses

Published Sep 16, 2024
CVE-2021-44685 CRITICAL

Command injection in git-it-electron

Published Dec 8, 2021
CVE-2024-29900 HIGH

@electron/packager's build process memory potentially leaked into final executable

Published Mar 29, 2024
CVE-2026-34725 HIGH
Risk: 41.01/100

dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Published Apr 1, 2026
MAL-2022-1546

Malicious code in bfx-report-electron (npm)

Published Jun 20, 2022
CVE-2016-10534 MEDIUM

SSL Validation Defaults to False in electron-packager

Published Feb 18, 2019
MAL-2024-2295

Malicious code in en-conduit-electron (npm)

Published Jun 25, 2024
MAL-2025-1412

Malicious code in electron-dependency-confusion-window (npm)

Published Feb 17, 2025
MAL-2022-2691

Malicious code in electron-secure-defaults (npm)

Published Jun 20, 2022
MAL-2025-48507

Malicious code in spot-electron-sdk (npm)

Published Oct 14, 2025
MAL-2024-1201

Malicious code in lodash-electron (npm)

Published Apr 4, 2024
MAL-2022-3277

Malicious code in gather-electron-interop (npm)

Published Jul 25, 2022
MAL-2025-191028

Malicious code in @lessondesk/electron-group-api-client (npm)

Published Nov 24, 2025
MAL-2022-2692

Malicious code in electron-test-app (npm)

Published Jun 20, 2022
MAL-2023-79

Malicious code in action-electron-builder (npm)

Published Jan 11, 2023
MAL-2022-514

Malicious code in @porting-assistant/electron (npm)

Published Jun 20, 2022
MAL-2026-1854

Malicious code in ssf-desktop-api-electron (npm)

Published Mar 18, 2026
MAL-2023-640

Malicious code in norbert_malik_circuitos_electronicos_pdf_2d (npm)

Published May 9, 2023
MAL-2024-10852

Malicious code in electron-request (npm)

Published Nov 20, 2024
MAL-2025-191086

Malicious code in electron-volt (npm)

Published Nov 24, 2025
MAL-2022-3332

Malicious code in generator-electron-dotnet (npm)

Published Jun 20, 2022
MAL-2024-2296

Malicious code in en-conduit-electron-auth (npm)

Published Jun 25, 2024
MAL-2024-2297

Malicious code in en-conduit-electron-renderer (npm)

Published Jun 25, 2024
MAL-2025-3820

Malicious code in baby-electron (npm)

Published May 15, 2025
MAL-2025-3821

Malicious code in baby-electrona (npm)

Published May 15, 2025
MAL-2024-11344

Malicious code in electron_npm_deps (npm)

Published Dec 9, 2024
MAL-2024-2298

Malicious code in en-conduit-electron-worker (npm)

Published Jun 25, 2024
MAL-2025-47523

Malicious code in @dropbox-photo-viewer/electron-app (npm)

Published Sep 25, 2025
MAL-2026-2243

Malicious code in browserstack-electron-forge-include-package-plugin (npm)

Published Mar 26, 2026
MAL-2025-215

Malicious code in percy-cake-electron-app (npm)

Published Jan 20, 2025
MAL-2025-2374

Malicious code in digits-electron-src (npm)

Published Mar 14, 2025
MAL-2025-4824

Malicious code in electron-streams (npm)

Published Jun 10, 2025